[英]Symfony 4 login form : authenticating successfully, but authentication immediately lost after redirect
[英]Symfony 4: Authentication Token is lost from the Session after login_check redirect
最近,我進行了一些代碼更改,以使用PdoSessionHandler在數據庫中存儲會話。 我正在使用Guard身份驗證。 checkCredentials工作正常,工作正常,插入“會話”表中也工作正常。 但是/ login_check重定向后,會話中的身份驗證令牌丟失。
身份驗證令牌將以序列化格式存儲在會話中的“ _security_secured_area”下,並且該會話也保存在數據庫中,但是在從/ login_check重定向到/ login_redirect會話后,ID相同,但身份驗證令牌詳細信息丟失。 可能無法從數據庫填充身份驗證詳細信息。
這是我的包/security.yaml
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/
anonymous: ~
guard:
authenticators:
- App\Security\LoginFormAuthenticator
logout:
path: _logout
target: _public_signin
logout_on_user_change: true
remember_me:
secret: '%kernel.secret%'
lifetime: 2592000 # 30 days in seconds
path: /
domain: ~
remember_me_parameter: _stay_signedin
# by default, the feature is enabled by checking a
# checkbox in the login form (see below), uncomment the
# following line to always enable it.
#always_remember_me: true
token_provider: token_service
這是我的gurardAuthenticator:
/**
* Override to change what happens after successful authentication.
*
* @param Request $request
* @param TokenInterface $token
* @param string $providerKey
*
* @return RedirectResponse
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
/** @var User $user */
$user = $token->getUser();
if ($user->getNewUser() === true) {
$url = '_onboard';
} elseif ($user->getResetPass() === true) {
$url = '_change_temp_password';
} else {
$url = '_login_redirect';
}
//$request->getSession()->save();
// MAS: TODO Add Audit probably in listener
return new RedirectResponse($this->urlGenerator->generate($url));
}
在AuthenticationSuccess之后,它會自動重定向到SecurityController.php中的loginReditrectAction(),但此處PostAuthenticationGuardToken丟失,AuthenticationEvent返回AnonymousToken。 我在SecurityContrller.php中的loginRedirectAction()中打印會話時發現的另一個觀察結果是,會話數據中缺少“ _security_secured_area”。
#session: Session {#149 ▼
#storage: NativeSessionStorage {#148 ▶}
-flashName: "flashes"
-attributeName: "attributes"
-data: &2 array:2 [▼
"_sf2_attributes" => &1 array:4 [▼
"_csrf/https-kinetxx" => "rvR8Rr2UcDM_-y16ehk_jgYvMREJ8mTNouYCT16RtfY"
"_security.last_username" => "ktx_provider"
"userTimeZone" => "America/Chicago"
"practiceTimeZone" => "America/New_York"
]
"_symfony_flashes" => &3 []
]
我的SecurityController.php
/**
* @Route("/login_redirect", name="_login_redirect")
*
* @param Request $request
*
* @return RedirectResponse
*/
public function loginRedirectAction(Request $request)
{
dump($request);
dump($this->get('security.authorization_checker'));
die;
}
有人可以幫我解決這個問題嗎?
我遇到了這個問題,解決方案是將我的提供商實體從
implements UserInterface, \\Serializable
至
implements AdvancedUserInterface, \\Serializable, EquatableInterface
並添加所需的方法: isEqualTo(UserInterface $user)
, isAccountNonExpired()
, isAccountNonLocked()
, isCredentialsNonExpired()
, isEnabled()
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.